WannaCry ransomware attacks: Hard lessons for some victims

0
327

SINGAPORE/HANOI: The WannaCry ransomware worm that hobbled big institutions and businesses at the weekend, including FedEx and Britain’s National Health Service, also indiscriminately caught many smaller victims across Asia, from hoteliers to Chinese students.

When MediaOnline, a firm that operates digital displays in Singapore shopping malls, noticed its displays were showing the ransomware’s pop-up window on Saturday, it sent engineers to two malls, director Dennis So told Reuters.

In the end, the company said it managed to beat the ransomware attack without having to pay the US$300 or so in bitcoin that hackers demanded in return for a decryption key to unfreeze their computers.

A ransomware message encountered by a Facebook user on a directory screen at Tiong Bahru Plaza on Saturday (May 13).  

MediaOnline’s So said only 12 computers were affected as the network was isolated from both the firm’s office network and those of the company running the malls, and its tenants. By replacing all the hard drives, reinstalling the operating system and downloading all Microsoft Windows updates, the computers were back up and running by early Monday, with So saying “no money or bitcoin was paid to the hackers”.

At some larger organisations, it took longer.

At Jakarta’s Dharmais Hospital, Indonesia’s biggest cancer centre, up to 200 people packed waiting rooms after cyber attacks hit scores of computers. By late Monday morning, some visitors were still filling out forms manually, though the hospital said 70 per cent of its systems were back online.

Patients and family wait for their turn to register at Dharmais Hospital, IndonesiaÕs biggest cancer hospital, after the institution suffered cyber attacks affecting scores of computers in Jakarta, Indonesia May 15, 2017. REUTERS/Darren Whiteside

The unknown hackers behind WannaCry don’t appear so far to have been well rewarded for their global blitz, with about US$50,000 worth of bitcoin transferred to the online wallets listed in the recent and earlier versions of the malware, according to bitcoin transaction tracker Elliptic Labs.

This may be partly because many of those infected, like MediaOnline, chose to restore their computer data from back-ups or by reinstalling the operating system. Others just held their breath.

LOST WORK

Yang Lin, a journalism student at China’s Zhejiang University of Media and Communications, told Reuters she had just finished revising her thesis late on Friday and was closing Word on her desktop when all the Word icons blanked out, her screen went black and the hackers’ message appeared.

“I was connected to the university network. I didn’t open any link,” she said. “I just cried. I was afraid to believe it, but had to accept it.”

Yang said she thought about paying the ransom to unfreeze her computer, but gave up when she found out how much this would cost. Via a chat platform, she discovered many of her friends faced the same problem.

She said she lost her literature review, foreign translations and thesis proposal, as well as films she had made over four years at college.

In Vietnam, hotel and restaurant manager Ngo Viet Yen said he was given 24 hours to pay 5 bitcoin (worth around US$9,000) to save his files after his systems were infected on Friday. He didn’t pay, and reckons he’s lost around US$2,000, and possibly more, as his staff revert to taking bookings, writing receipts and managing stock manually.

He noted that copyright infringement is widespread in Vietnam, and little is spent on system security.

“The number of computers updated to the latest version is very low,” he said. “And the server is rarely updated because there will be more issues and it often slows the system. It’s like: You only build a cage after losing your cows.”

Others found that even paying the ransom didn’t guarantee they’d get their data decrypted.

“We’ve seen some of our customers from the energy and health services who made the payment did not receive the decryption key in return,” said Budiman Tsjin, senior technical consultant at RSA, the security division of EMC Corp.

(US$1 = 6.8915 Chinese yuan renminbi)

(Reporting and writing by Jeremy Wagstaff, with additional reporting by Agustinus Da Costa in JAKARTA, Eric Auchard in FRANKFURT, Masuyuki Kitano in SINGAPORE, Engen Tham and SHANGHAI Newsroom, Jemima Kelly in LONDON and Mai Nguyen in HANOI; Editing by Ian Geoghegan)

Source link